WHAT IS CLAIMED IS: 

1. A router provided on a boundary between the 
Internet and an intranet and used for receiving an 
incoming first packet and then passing on said first 
packet to a destination router indicated by a destination 
address of said first packet, said router comprising: 

a decapsulation unit for carrying out a process of 
decapsulating said first packet into a second packet in 
the case of said first packet including a predetermined 
address specified as said destination address; 

a first judgment unit for forming a judgment as to 
whether or not a user transmitting said first packet is 
an authorized user; 

a second judgment unit for forming a judgment as to 
whether or not the present time is within a time range 
allowed for said user transmitting said first packet; and 

a third judgment unit for forming a judgment as to 
whether or not said second packet obtained as a result of 
said process of decapsulating said first packet is 
allowed to pass through said intranet on the basis of a 
result of said judgment formed by said first judgment 
unit and a result of said judgment formed by said second 
judgment unit. 

2. A router used for receiving an incoming packet 
and then passing on said packet to a destination router 
indicated by a destination address of said packet, said 
router comprising: 

a first judgment unit for forming a judgment as to 
whether or not the present time is within a time range 
open to a user transmitting said packet; 

a second judgment unit for comparing a distance to 
said destination address along a route to be traveled by 
said packet by way of a predetermined network with a 
distance to said destination address along a route to be 
traveled by said packet by way of the Internet only 
without passing through said predetermined network; 

a third judgment unit for forming a judgment as to 
whether to pass on said packet to said destination 
address along said route passing through said 
predetermined network or said route by way of said 
Internet only without passing through said predetermined 
network on the basis of a result of said judgment formed 
by said first judgment unit and a result of said judgment 
formed by said second judgment unit; and 

an encapsulation unit which is used for creating an 
encapsulated packet by adding an encapsulation header 
destined for said predetermined network to said packet in 
case a result of said judgment formed by said third 
judgment unit indicates that said packet is to be passed 
on to said destination address by way of said 
predetermined network. 

3. A router according to claim 1 wherein: 

said router further has a message-transmitting unit 
for transmitting an open-network message to a second 
router transmitting said first packet; and 

said third judgment unit does not let said second 
packet obtained as a result of decapsulation of said 
first packet pass through said intranet prior to 
transmission of said open-network message. 

4. A router according to claim 1 wherein: 

said router further has a message-transmitting unit 
for transmitting a blocked-network message to a second 
router transmitting said first packet; and 

said third judgment unit does not let said second 
packet obtained as a result of decapsulation of said 
first packet pass through said intranet after 
transmission of said blocked-network message. 

5. An IP-packet transfer method for transmitting 
an IP packet from a user network including an edge node 
provided with an encapsulation function by way of an 
intranet including another edge node provided with a 
decapsulation function and a table of authorized users. 

6. A router according to claim 2 wherein said 
second judgment unit compares a distance to a destination 
address of a packet along a route to be traveled by said 
packet by way of a predetermined network with a distance 
to said destination address along a route to be traveled 
by said packet by way of the Internet only without 
passing through said predetermined network on the basis 
of distance information stored in a first table. 

7. A router according to claim 2 wherein said 
encapsulation unit creates an encapsulated packet by 
adding an encapsulation header stored in a second table. 

8. A router according to claim 6 wherein said 
distance information stored in said first table is 
obtained as a result of comparison of the first number of 
domains to be traveled to reach a predetermined router in 
said predetermined network with the second number of 
domains to be traveled to reach a destination address by 
communications with an adjacent router. 

9. A router according to claim 2 wherein: 

said router further has a message-receiving unit 
for receiving an open-network-message from said 
predetermined network; and 

said third judgment unit transmits a packet by way 
of the Internet only without transmitting the packet by 
way of said predetermined network prior to reception of 
said open-network message. 

10. A router according to claim 2 wherein: 

said router further has a message-receiving unit 
for receiving a blocked-network-message from said 
predetermined network; and 

said third judgment unit transmits a packet by way 
of the Internet only without transmitting the packet by 
way of said predetermined network after reception of said 
blocked-network message. 

11. A router according to claim 2 wherein: 

said router further has an operation-verifying unit 
for verifying operations of a plurality of other routers 
in said predetermined network; and 

said encapsulation unit creates an encapsulated 
packet including an additional encapsulation header 
destined for one of said other routers with a normal 
operation verified by said operation-verifying unit. 

12. A router according to claim 1 wherein: 

said router further has a first table for storing a 
user category indicating whether a user transmitting a 
packet is a preferentially treated user or an ordinary 
user and storing an open-network time range for a user 
transmitting a packet indicated as an ordinary user by 
said user category for each source address; 

said router further has a fourth judgment unit for 
forming a judgment as to whether a user transmitting a 
packet is a preferentially treated user or an ordinary 
user on the basis of said user category stored in said 
first table for a source address of said packet; and 

said third judgment unit lets a second packet 
originated by a user judged by said fourth judgment unit 
to be a preferentially treated user pass through said 
intranet without regard to said open-network time range. 

13. A communication network comprising the 
Internet, an intranet including a first boundary router 
connected to said Internet and a user network including a 
second boundary router connected to said Internet 
wherein: 

said first boundary router includes: 

a decapsulation unit for carrying out a process of 
decapsulating a first packet into a second packet in the 
case of said first packet including a predetermined 
address specified as a destination address; 

a first judgment unit for forming a judgment as to 
whether or not a user transmitting said first packet is 
an authorized user; 

a second judgment unit for forming a judgment as to 
whether or not the present time is within a time range 
allowed for said user transmitting said first packet; and 

a third judgment unit for forming a judgment as to 
whether or not said second packet obtained as a result of 
said process of decapsulating said first packet is 
allowed to pass through said intranet on the basis of a 
result of said judgment formed by said first judgment 
unit and a result of said judgment formed by said second 
judgment unit; whereas 

said second boundary router includes: 

a fourth judgment unit for forming a judgment as to 
whether or not the present time is within a time range 
open to a user transmitting a third packet; 

a fifth judgment unit for comparing a distance to a 
destination address of said third packet along a route to 
be traveled by said third packet by way of said intranet 
with a distance to said destination address along a route 
to be traveled by said third packet by way of the 
Internet only without passing through said intranet; 

a sixth judgment unit for forming a judgment as to 
whether to pass on said third packet to said destination 
address along said route passing through said intranet or 
said route by way of said Internet only without passing 
through said intranet on the basis of a result of said 
judgment formed by said fourth judgment unit and a result 
of said judgment formed by said fifth judgment unit; and 

an encapsulation unit which is used for creating an 
encapsulated packet by adding an encapsulation header 
destined for said first boundary router to said third 
packet in case a result of said judgment formed by said 
sixth judgment unit indicates that said third packet is 
to be passed on to said destination address by way of 
said intranet. 
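
The judgment sequence of claims 1 and 12, sketched as an added Python example that is not part of the patent text. The tunnel address, the user table keyed by the inner packet's source network, and all names are assumptions made for illustration; the example also handles an open-network time range that wraps past midnight.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed "predetermined address" of the intranet boundary router.
TUNNEL_ENDPOINT = ip_address("192.0.2.1")

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: Optional["Packet"] = None  # inner (second) packet when encapsulated

@dataclass(frozen=True)
class UserEntry:
    preferential: bool                  # user category (claim 12)
    open_from: Optional[time] = None    # open-network time range, ordinary users
    open_until: Optional[time] = None

# Constructed table of authorized users; the keying is an assumption.
USERS = {
    ip_network("198.51.100.0/24"): UserEntry(preferential=True),
    ip_network("203.0.113.0/24"): UserEntry(False, time(22, 0), time(6, 0)),
}

def in_range(now: time, start: time, end: time) -> bool:
    """Half-open range [start, end); start > end means it wraps past midnight."""
    if start <= end:
        return start <= now < end
    return now >= start or now < end

def decide(first: Packet, now: time):
    """Return (verdict, packet_to_forward) for an incoming first packet."""
    if ip_address(first.dst) != TUNNEL_ENDPOINT or first.payload is None:
        return "pass-through", first            # not addressed to the tunnel
    second = first.payload                      # decapsulation unit
    src = ip_address(second.src)
    entry = next((e for net, e in USERS.items() if src in net), None)
    if entry is None:                           # first judgment: authorized user?
        return "drop-unauthorized", None
    if entry.preferential:                      # fourth judgment (claim 12)
        return "forward", second
    if in_range(now, entry.open_from, entry.open_until):  # second judgment
        return "forward", second
    return "drop-outside-hours", None           # third judgment denies transit
```
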